Skip to content

Latest commit

 

History

History
619 lines (452 loc) · 33.6 KB

changelog.md

File metadata and controls

619 lines (452 loc) · 33.6 KB

graphql-upload changelog

15.0.2

Patch

  • Updated dev dependencies.
  • Corrected the TypeScript type for the Koa context ctx parameter for the Koa middleware created by the function graphqlUploadKoa, from import("koa").Context to import("koa").ParameterizedContext.

15.0.1

Patch

  • Don’t import and link types from the middlware modules graphqlUploadExpress.js and graphqlUploadKoa.js within the module processRequest.js, fixing #314.

15.0.0

Major

  • Updated the busboy dependency to v1, fixing #311.
    • This important update addresses the vulnerability CVE-2022-24434 (GHSA-wm7h-9275-46v2).
    • Some error messages have changed.
    • Temporarily until mscdex/busboy#297 is fixed upstream, for the function processRequest and the middleware graphqlUploadExpress and graphqlUploadKoa the option maxFileSize is actually 1 byte less than the amount specified.

Patch

  • Updated the typescript dev dependency.
  • In the function processRequest use the on method instead of once to listen for error events on the busboy parser, as in edge cases the same parser could have multiple error events and all must be handled to prevent the Node.js process exiting with an error.
  • Simplified error handling within the function processRequest.
  • Added a test for the function processRequest with a maliciously malformed multipart request.

14.0.0

Major

  • Updated Node.js support to ^14.17.0 || ^16.0.0 || >= 18.0.0.
  • Updated the graphql peer dependency to ^16.3.0.
  • Updated the http-errors dependency to v2.
  • Public modules are now individually listed in the package files and exports fields.
  • Removed the package main index module; deep imports must be used.
  • Shortened public module deep import paths, removing the /public/.
  • Implemented TypeScript types via JSDoc comments, closing #282.
  • The GraphQLUpload scalar no longer uses deprecated GraphQLError constructor parameters.

Patch

  • Updated dev dependencies.
  • Simplified dev dependencies and config for ESLint.
  • Check TypeScript types via a new package types script.
  • Removed the jsdoc-md dev dependency and the related package scripts, replacing the readme “API” section with a manually written “Exports” section.
  • Removed the hard-rejection dev dependency. Instead, tests are run with the Node.js CLI flag --unhandled-rejections=throw to make Node.js v14 behave like newer versions.
  • Removed the formdata-node dev dependency. Instead, File and FormData are imported from node-fetch.
  • Updated GitHub Actions CI config:
    • Run tests with Node.js v14, v16, v18.
    • Updated actions/checkout to v3.
    • Updated actions/setup-node to v3.
  • Reorganized the test file structure.
  • Use the .js file extension in require paths.
  • Use the Node.js Readable property readableEncoding instead of _readableState.encoding in tests.
  • Use substring instead of the deprecated string method substr in tests.
  • Fixed a typo in a code comment.
  • Updated documentation.
  • Added a license.md MIT License file, closing #86.

13.0.0

Major

  • Updated Node.js support to ^12.22.0 || ^14.17.0 || >= 16.0.0.
  • Updated dev dependencies, some of which require newer Node.js versions than previously supported.
  • Removed ./package from the package exports field; the full package.json filename must be used in a require path.

Patch

  • Updated the graphql peer dependency to 0.13.1 - 16.
  • Updated dependencies.
  • Also run GitHub Actions CI with Node.js v17.
  • Simplified package scripts.
  • Renamed imports in the test index module.
  • Test the processRequest function with a GraphQL multipart request that has no files.
  • Test the processRequest function with an unparsable multipart request.
  • Replaced the form-data dev dependency with formdata-node, formdata-node, and node-abort-controller and refactored tests to align with web standards.
  • Refactored the processRequest function to remove the isobject dependency.
  • Improved the processRequest function, via #273:
    • Fixed ending requests from being handled incorrectly as aborting in edge cases, closing #272.
    • Fixed read streams created via the resolved Upload scalar value createReadStream method:
      • Not emitting the error event when the multipart request is aborted certain ways while the file is uploading.
      • Emitting incorrect error event details for multipart request file field parse errors.
  • Configured Prettier option singleQuote to the default, false.
  • Documentation tweaks.

12.0.0

Major

  • Updated Node.js support to ^12.20 || >= 14.13.
  • Updated dev dependencies, some of which require newer Node.js versions than previously supported.
  • The tests are now ESM in .mjs files instead of CJS in .js files.
  • Replaced the the package.json exports field public subpath folder mapping (deprecated by Node.js) with a subpath pattern. Deep require paths must now include the .js file extension.

Minor

  • Added a package sideEffects field.

Patch

  • Updated dependencies.
  • Lint fixes for the updated Prettier version.
  • Updated GitHub Actions CI config:
    • Updated the tested Node.js versions to v12, v14, v16.
    • Updated actions/checkout to v2.
    • Updated actions/setup-node to v2.
    • Simplify config with the npm install-test command.
    • Don’t specify the CI environment variable as it’s set by default.
  • Removed npm-debug.log from the .gitignore file as npm v4.2.0+ doesn’t create it in the current working directory.
  • Updated the EditorConfig URL.
  • Updated the package keywords field.
  • More specific package main field path.
  • Simplified JSDoc related package scripts now that jsdoc-md v10 automatically generates a Prettier formatted readme.
  • Added a package test:jsdoc script that checks the readme API docs are up to date with the source JSDoc.
  • Refactored private constants from exports of a single module to individual modules.
  • Fixed test name and comment typos.
  • Updated external URLs in docs.
  • Prettier format for a JSDoc code example.
  • Updated a GraphQLUpload code example to use @graphql-tools/schema instead of graphql-tools.
  • Removed from the readme the notice that the package was previously published as apollo-upload-server.
  • Simplified the readme “Setup” and “Support” sections.

11.0.0

Major

  • Updated Node.js support to ^10.13.0 || ^12.0.0 || >= 13.7.0.
  • Added a package exports field with conditional exports to support native ESM in Node.js and keep internal code private, whilst avoiding the dual package hazard. Published files have been reorganized, so previously undocumented deep imports will need to be rewritten according to the newly documented paths.
  • Updated dev dependencies, some of which require newer Node.js versions than previously supported.

Patch

  • Updated the graphql peer dependency to 0.13.1 - 15, fixing #200 via #201.
  • Updated Prettier related package scripts.
  • Configured Prettier option semi to the default, true.
  • Ensure GitHub Actions run on pull request.
  • Also run GitHub Actions with Node.js v14.
  • Fixed the ignoreStream function tests for Node.js v14 with a new CountReadableStream test helper, fixing #209.
  • Minor JSDoc wording tweak for consistency.
  • Mention Promise.allSettled in the readme “Tips” section.
  • Updated MDN Web Docs links.

10.0.0

Major

  • Updated Node.js support from v8.10+ to v10+, as earlier versions have reached end-of-life.
  • Updated the fs-capacitor dependency to v6, which now requires Node.js v10+, via #179.
  • Updated dev dependencies, some of which now require Node.js v10+.
  • Replaced the tap dev dependency with test-director, coverage-node, and hard-rejection to improve the dev experience and reduce the dev install size by ~75.7 MB. These new dev dependencies require Node.js v10+.
  • Reorganized files. This is only a breaking change for projects using undocumented deep imports.
  • Removed now redundant Node.js version compatibility logic in the processRequest function.
  • The processRequest function now places references to instances of the now exported and documented Upload class in the GraphQL operation for the GraphQLUpload scalar to derive its value, and the GraphQLUpload scalar now throws a GraphQLError when it parses an invalid value, fixing #175 via #181.
  • The GraphQLUpload scalar parseLiteral and serialize methods now throw GraphQLError (instead of Error) instances, with tweaked messages.

Minor

  • The createReadStream function in resolved file uploads now accepts options to configure the encoding and high water mark, fixing #177 via #179.

Patch

  • Removed the now redundant eslint-plugin-import-order-alphabetical and express-async-handler dev dependencies.
  • Stop using husky and lint-staged.
  • Use isobject for checking if values are enumerable, non-array objects.
  • Tests have been massively reorganized, refactored, and improved.
  • Test the GraphQLUpload scalar.
  • Test the ignoreStream function.
  • Moved the Upload class to its own file.
  • Added JSDoc for the Upload class instance property file.
  • Test the Upload class.
  • Improved JSDoc FileUpload typedef description.
  • Removed now redundant eslint-disable-next-line comments.
  • Use strict mode for scripts.

9.0.0

Major

  • Updated Node.js support from v8.5+ to v8.10+, to match what the eslint dev dependency now supports. This is unlikely to be a breaking change for the published package.
  • Removed the Upload scalar promise resolved stream property that has been deprecated since v7, along with associated tests.
  • ESM is no longer published, due to CJS/ESM compatibility issues across recent Node.js versions, via #169.
  • The file structure and non-index file exports have changed. This should only affect projects using undocumented deep imports.

Minor

  • Updated the fs-capacitor dependency to v4 to support Node.js v13, making required changes to the source and tests, via #166.
  • JSDoc comments are now included in the published code.
  • Several anonymous functions have been named, for better error stack traces.
  • Setup GitHub Sponsors funding:
    • Added .github/funding.yml to display a sponsor button in GitHub.
    • Added a package.json funding field to enable npm CLI funding features.

Patch

  • Updated dev dependencies.
  • Removed the .nycrc.json file:
    • tap now ignores test files by default.
    • The lib/test-helpers directory is now ignored using tap CLI arguments due to tapjs/node-tap#612.
  • Removed the esm and mjs package tags; they will be added back once native ESM is properly supported.
  • Updated JSDoc code examples to use CJS instead of ESM, as native ESM is not yet properly supported.
  • No longer test fs-capacitor implementation details such as temp file creation and cleanup.
  • Commented the reasons for several istanbul ignore next comments.

8.1.0

Minor

  • processRequest now throws an appropriate error when a multipart field value exceeds the configured size limit, fixing #159.
  • When the file size limit is exceeded, mention how many bytes the limit is in the stream error message.
  • Added a new processRequest option to the graphqlUploadExpress and graphqlUploadKoa middleware, for improved testing without mocks or spies which are difficult to achieve with ESM.

Patch

  • Updated dependencies.
  • Due to updated dependencies: Lint fixes, removed redundant eslint-disable-next-line comments, and regenerated the readme.
  • Documented koa-graphql as known to be compatible, via #156.
  • Fixed a readme typo, via #161.
  • Use GitHub Actions instead of Travis for CI.
  • Removed package-lock.json from .gitignore and .prettierignore, as it’s disabled in .npmrc anyway.
  • New file structure.
  • Explicitly defined main exports (instead of using export * from) to prevent accidental public exposure of internal APIs.
  • Moved JSDoc typedefs into the index main entry file, alphabetically sorted.
  • Nicer Browserslist query syntax.
  • Replaced the isObject helper with a smarter and tested isEnumerableObject.
  • Removed the isString helper.
  • Enforced 100% code coverage for tests, and improved processRequest internals and tests (including a new test using vanilla Node.js HTTP), fixing #130 via #162.
  • Removed a workaround from the startServer test helper.
  • Added a new ProcessRequestFunction JSDoc type, and applied it to processRequest.
  • Renamed the UploadOptions JSDoc type to ProcessRequestOptions.
  • Misc. documentation improvements.

8.0.7

Patch

  • Updated dependencies.
  • Handle invalid object paths in map multipart field entries, fixing #154.
  • Import WriteStream from fs-capacitor as a named rather than default import.

8.0.6

Patch

  • Updated dependencies.
  • Allow batched operations again, fixing #142.
  • Simplify tests by writing JSON as strings instead of using JSON.stringify.
  • Use async middleware with express-async-handler for Express tests.
  • Removed unintended maxFiles config in certain tests.
  • Added the Open Graph image design to the logo Sketch file.

8.0.5

Patch

  • Updated dependencies.
  • Handle invalid types in multipart fields and respond with meaningful HTTP 400 errors, via #139:
    • Invalid operations type.
    • Invalid map type.
    • Invalid map entry type.
    • Invalid map entry array item type.
  • Additionally test current Node.js v8 and v10 versions with Travis.
  • Reduced the size of the published package.json by moving dev tool config to files. This also prevents editor extensions such as Prettier and ESLint from detecting config and attempting to operate when opening package files installed in node_modules.
  • Removed the watch dev dependency and watch script.
  • Simplified the prepublishOnly script.
  • Change to the classic TAP reporter for tests.
  • Add apollo-server-koa and apollo-server-express back to the compatible environments list in the readme, now that they use the current version of this package.

8.0.4

Patch

8.0.3

Patch

8.0.2

Patch

  • Updated dev dependencies.
  • Fixed hanging when a request with a large payload has an “immediate” error, such as a malformed request, fixing #123 via #124.
  • Moved JSDoc type definitions to the end of files to make it easier to open to the code.

8.0.1

Patch

  • Updated dev dependencies.
  • Removed the package module field. Webpack by default resolves extensionless paths the same way Node.js in --experimental-modules mode does; .mjs files are preferred. Tools misconfigured or unable to resolve .mjs can get confused when module points to an .mjs ESM file and they attempt to resolve named imports from .js CJS files.
  • Updated package scripts and config for the new husky version.
  • Added a package browserslist field with the target Node.js version for @babel/preset-env and removed related config from babel.config.js.
  • Tests now log if the environment is CJS or ESM (--experimental-modules) and the NODE_ENV.
  • Fixed broken readme API documentation links.

8.0.0

Major

  • New naming that drops “apollo” to reflect the independent and universal nature of the project, fixing #68:

    To migrate you project from [email protected] to [email protected]:

    1. Run npm uninstall apollo-upload-server.
    2. Run npm install graphql-upload.
    3. Find and replace:
      • apolloUploadKoagraphqlUploadKoa.
      • apolloUploadExpressgraphqlUploadExpress.

Patch

  • Updated dependencies.
  • New project logo.

7.1.0

Minor

Patch

  • Updated dev dependencies.

7.0.0

Major

  • The processRequest function now requires a http.ServerResponse instance as its second argument.
  • Replaced the previously exported error classes with http-errors and snapshot tested error details, via #105.
  • No longer exporting the SPEC_URL constant.

Minor

  • Upload scalar promises now resolve with a createReadStream method instead of a stream property, via #92.
  • Accessing an Upload scalar promise resolved stream property results in a deprecation warning that recommends using createReadStream instead. It will be removed in a future release. Via #107.
  • An Upload scalar variable can now be used by multiple resolvers, via #92.
  • Multiple Upload scalar variables can now use the same multipart data, via #92.
  • Malformed requests containing invalid JSON for operations or map multipart fields cause an appropriate error with a 400 status instead of crashing the process, relating to #81 and #95.
  • Malformed requests missing operations, map and files, or just map and files, cause an appropriate error with a 400 status instead of hanging, fixing #96.
  • Tweaked GraphQLUpload scalar description to remove details about how it resolves on the server as they are irrelevant to API users.
  • Tweaked GraphQLUpload scalar error messages.

Patch

  • Updated dev dependencies.
  • Removed the npm-run-all dev dependency and made scripts and tests sync for easier debugging, at the cost of slightly longer build times.
  • Explicitly set processRequest default options instead of relying on busboy defaults.
  • Better organized project file structure.
  • Configured Prettier to lint .yml files.
  • Ensure the readme Travis build status badge only tracks master branch.

6.0.0-alpha.1

Big thanks to new collaborator @mike-marcacci for his help solving tricky bugs and edge-cases!

Major

Minor

  • Refactored package scripts to use prepare to support installation via Git (e.g. npm install jaydenseric/apollo-upload-server).

Patch

  • Updated dependencies.
  • Use single instead of double typographic quotes in error messages.
  • Use babel.config.js instead of .babelrc.js.
  • Enabled shippedProposals in @babel/preset-env config.
  • Improved testing:
    • Use tap instead of ava. Tests no longer transpile on the fly, are faster and AVA no longer dictates the Babel version.
    • Tests run against the actual dist .mjs and .js files in native ESM (--experimental-modules) and CJS environments.
    • Removed get-port dev dependency.
    • Added Express tests.
    • Test middleware error response status codes.
    • Test behavior of aborted HTTP requests.
    • Test that the app can respond if an upload is not handled.
    • Test files to upload are created in context, rather than using arbitrary project files, via #89.
  • Improved package.json scripts:
    • Leveraged npm-run-all more for parallelism and reduced noise.
    • Removed the clean script rimraf dev dependency in favour of native rm -rf. Leaner and faster; we only support *nix now for contributing anyway.
    • No longer use cross-env; contributors with Windows may setup and use a Bash shell.
    • Renamed the ESM environment variable to BABEL_ESM to be more specific.
    • Removed linting fix scripts.
    • Linting included in the test script; Travis CI will fail PR's with lint errors.
    • Custom watch script.
  • Improved ESLint config:
    • Simplified ESLint config with eslint-config-env.
    • Removed redundant eslint-plugin-ava dev dependency and config.
    • Undo overriding ESLint ignoring dotfiles by default as there are none now.
  • Use .prettierignore to leave package.json formatting to npm.
  • Tweaked package description and keywords.
  • Compact package repository field.
  • Improved documentation.
  • Readme badge changes to deal with shields.io unreliability:
    • Use the official Travis build status badge.
    • Use Badgen for the npm version badge.
    • Removed the licence badge. The licence can be found in package.json and rarely changes.
    • Removed the Github issues and stars badges. The readme is most viewed on Github anyway.
  • Changelog version entries now have “Major”, “Minor” and “Patch” subheadings.

5.0.0

Major

  • graphql peer dependency range updated to ^0.13.1 for native ESM support via .mjs. It’s a breaking change despite being a semver patch.

Patch

  • Updated dependencies.
  • More robust npm scripts, with the ability to watch builds and tests together.
  • Fixed missing dev dependency for fetching in tests.
  • Use eslint-plugin-ava.
  • HTTPS package.json author URL.
  • New readme logo URL that doesn’t need to be updated every version.

4.0.2

Patch

  • Temporary solution for importing CommonJS in .mjs, fixing reopened #40.

4.0.1

Patch

  • Correct imports for vanilla Node.js --experimental-modules and .mjs support, fixing #40.

4.0.0

Patch

  • Updated dependencies.
  • Simplified npm scripts.
  • Readme updates:
    • Documented Blob types, via #39.
    • Explained how to use processRequest for custom middleware.
    • Improved usage instructions.
    • Display oldest supported Node.js version.
    • Misc. tweaks including a simpler heading structure.

4.0.0-alpha.3

Minor

Patch

  • Updated dependencies.

4.0.0-alpha.2

Minor

  • Transpile and polyfill for Node.js v6.10+ (down from v7.6+) to support AWS Lambda, fixing #33.
  • Modular project structure that works better for native ESM.
  • Added tests.
  • Set up Travis to test using the latest stable Node.js version and the oldest supported in package.json engines (v6.10).
  • Added a Travis readme badge.
  • Improved error handling, fixing #26:
    • Custom errors are thrown or emitted with meaningful messages that are exported so consumers can use instanceof with them.
    • Where it makes sense, errors cause relevant HTTP status codes to be set in middleware.
    • Misordered multipart fields cause processRequest to throw MapBeforeOperationsUploadError and FilesBeforeMapUploadError errors in middleware.
    • The map field provided by the client is used to naively check the maxFiles option is not exceeded for a speedy MaxFilesUploadError error in middleware. The real number of files parsed is checked too, incase the request is malformed.
    • If files are missing from the request the scalar Upload promises reject with a FileMissingUploadError error.
    • Already if a file exceeds the maxFileSize option the file is truncated, the stream emits a limit event and stream.truncated === true. Now an error event is also emitted with a MaxFileSizeUploadError.
    • Aborting requests from the client causes scalar Upload promises to reject with a UploadPromiseDisconnectUploadError error for file upload streams that have not yet been parsed. For streams being parsed an error event is emitted with an FileStreamDisconnectUploadError error and stream.truncated === true. It is up to consumers to cleanup aborted streams in their resolvers.

Patch

  • Updated dependencies.
  • Smarter Babel config with .babelrc.js.
  • Refactor to use fewer Busboy event listeners.

4.0.0-alpha.1

Major

  • New API to support the GraphQL multipart request spec v2.0.0-alpha.2. Files no longer upload to the filesystem; readable streams are used in resolvers instead. Fixes #13 via #22.
  • Export a new Upload scalar type to use in place of the old Upload input type. It represents a file upload promise that resolves an object containing stream, filename, mimetype and encoding.
  • Deprecated the uploadDir middleware option.
  • graphql is now a peer dependency.

Minor

  • Added new maxFieldSize, maxFileSize and maxFiles middleware options.

Patch

  • Middleware are now arrow functions.

3.0.0

Major

  • Updated Node.js support from v6.4+ to v7.6+.
  • Express middleware now passes on errors instead of blocking, via #20.

Patch

  • Using Babel directly, dropping Rollup.
  • New directory structure for compiled files.
  • Module files now have .mjs extension.
  • No longer publish the src directory.
  • No more sourcemaps.
  • Use an arrow function for the Koa middleware, to match the Express middleware.
  • Compiled code is now prettier.
  • Prettier markdown files.
  • Updated package keywords.
  • Updated an Apollo documentation link in the changelog.
  • Readme improvements:
    • Added links to badges.
    • Removed the inspiration links; they are less relevant to the evolved codebase.
    • Fixed an Apollo link.
    • Replaced example resolver code with a link to the Apollo upload examples.

2.0.4

Patch

  • Updated dependencies.
  • Readme tweaks including a new license badge.

2.0.3

Patch

  • Updated dependencies.
  • Removed package-lock.json. Lockfiles are not recommended for packages.
  • Moved Babel config out of package.json to prevent issues when consumers run Babel over node_modules.
  • Readme tweaks and fixes:
    • Renamed the File input type Upload for clarity.
    • Wording and formatting improvements.
    • Covered React Native.
    • Documented custom middleware.

2.0.2

Patch

  • Updated dependencies.
  • Added a changelog.
  • Dropped Yarn in favor of npm@5. Removed yarn.lock and updated install instructions.
  • Set targeted Node version as a string for babel-preset-env.
  • New ESLint config. Dropped Standard Style and began using Prettier.
  • Using lint-staged to ensure contributors don't commit lint errors.
  • Removed build:watch script. Use npm run build -- --watch directly.

2.0.1

Patch

  • Updated dependencies.
  • Support regular requests from clients other than apollo-upload-client again, fixing #4.
  • Removed incorrect commas from example GraphQL input type.

2.0.0

Major

Patch

  • Clearer package description.
  • Use Standard Style instead of ESLint directly.

1.1.0

Minor

  • Exporting a new helper function for processing requests. It can be used to create custom middleware, or middleware for unsupported routers.
  • Exporting new Koa middleware.
  • Upload directory is ensured on every request now. While slightly less efficient, it prevents major errors when if it is deleted while the server is running.

Patch

  • Updated dependencies.
  • Documented npm install as well as Yarn.
  • Typo fix in the readme.

1.0.2

Patch

  • Fixed broken Github deep links in the readme.
  • Readme rewording.
  • Simplified package.json description.

1.0.1

Patch

  • Added missing metadata to package.json.
  • Added a link to apollographql/graphql-server in the readme.

1.0.0

Initial release.